Registrar Connections

Building Advocates and Influencing Key Audiences
Special Article Contributed By Erin Roche, Director, Weber Shandwick PR Agency

Part 2 of 2 – The Part 1 article in our July issue discussed Starting with a Position and a Message, and Identifying Audiences.

Know your advocates
In order to build advocates for your business, you need to know who they are and what they care about. Most importantly, you need to initiate and maintain a relationship with them. A positive personal experience or connection is critical in triggering advocacy. Make a list of the media, analysts, investors or other influencers you are trying to reach and do some background research to better understand who they are and how they might react to what you have to say.

Once you identify the best vehicle to deliver your message to potential advocates, give them the information they need to know about your business and encourage them to share your message with their audiences.

Other ways to get your message across
Contribute to or write an article: Every day you see quotes and references from experts in the industry, and it is extremely unlikely that the reporter sought out all of these people for their stories. If you can provide something new or insightful on a subject a reporter covers, you will be helping them, and they will likely return the favor by including you in their article. Be careful not to self promote. Reporters won’t respond to a sales pitch so it is important to provide them with information and insight they can use in their story and not necessarily tell them how great your company did last quarter.

Speak at a conference or meeting: Participating in a speaking opportunity is a great way to build credibility amongst peers and position yourself as an expert in the industry. Search for upcoming conferences, meetings, panel discussions or Web casts that could use your contribution. These could be general technology forums at which you could highlight the importance and growth of the domain name industry, or something more specific at which you could speak on an upcoming product, idea or business model. If possible, provide deliverables for your audience to reference later and include your name and contact information.

Plan an event: A new product or service release doesn't get much exposure if nobody knows about it. Just because your business exists in cyberspace doesn't eliminate the possibility for a launch event. Create hype by aligning the release with a Web cast on industry trends. Invite other experts and industry influencers and don't forget to include relevant media. Be creative and find a way to get other people involved in what you are doing.

Building a strategic network of advocates and reaching them with a strong and relevant message is the goal of every public relations campaign. It doesn’t matter if you do that through a story in USA Today or a keynote at an industry conference as long as you are influencing the right audiences to help your business retain and win customers. You have many choices as to how to best deliver your message so it is important to understand who your audiences are and what they care about to make a positive impact and encourage them to tell your story to others.

Erin Roche is a director in the technology practice at Weber Shandwick, a global public relations agency. For more information about public relations and building a network of advocates, please contact Erin Roche at eroche@webershandwick.com.

Registrar Advisories via RSS Feed

Many registrars have requested that we should make our Registrar Advisories available via RSS Feeds. We listened to you and are happy to announce that we have launched it. To subscribe to the feed, go to: http://feeds.feedburner.com/VeriSignRegistrarAdvisories.

2007 Survey Report by the Society for Human Resource Management (SHRM)

An E-recruiting Survey was conducted by SHRM in March 2007. Here are a few interesting facts based on that analysis that examines trends in the recruitment industry and differences among .jobs and non-.jobs organizations.

“Recruiting has changed dramatically over the past decade. Trends such as the growing importance of niche job boards and social networking sites, as well as other new e-recruitment technologies such as video resumes, are changing the recruitment landscape…. Overall, e-recruiting is becoming more sophisticated, and new advancements in the field are bringing greater efficiency to the recruitment process.”

Recruitment advertising spending now exceeds $10 billion in the US.¹ The cost for attracting qualified candidates is forecasted to only grow as recruiting competition increases over the next few years. On-line recruitment advertising alone is projected to grow at an annual growth rate of 10% through 2011.

The SHRM report also discovered that 72% of organizations with .jobs domain names were significantly more likely to offer direct navigation* to the jobs page in their advertising campaigns, than those organizations with non-.jobs domain names (50%).

SHRM says, “There is no question that in the coming years, organizations will face a ‘talent challenge’ and we’ll have to devise creative hiring practices and employ effective recruiting strategies to obtain a skilled, engaged employee base.” It seems that implementing direct navigation in the recruitment advertising strategy is part of that solution.

Organizations with a .jobs domain name, compared with companies without a .jobs domain name, often had better outcomes with e-recruiting. Some of the findings from the .jobs organizations were that they were significantly more likely to: Offer direct navigation in their advertising campaigns; Monitor the average number of clicks it takes for a job candidate to find the career section on the on the organization’s Web site; Have an applicant tracking system; and Indicated that it was ‘easy’ or ‘very easy’ for job seekers to apply for a job.

*Direct Navigation is defined in the SHRM report as “the method an Internet user uses to navigate the Internet in order to arrive directly at a specific Web site. Organizations with a .jobs domain name provide job seekers with a simple and direct method to access the company jobs page. This involves the user bypassing any online search engines and navigating directly to the domain.” In other words, providing a direct URL to the organization’s jobs page (e.g., www.shrm.jobs) rather than providing a general URL (www.shrm.org).

Don’t Get Hacked: What Everyone Should Know About AJAX Security

Part 2 of 3 - The Part 1 article in our July issue discussed Exposure of Unnecessary Internal Information and Improper Validation.

Cross-Site Scripting
Cross-site scripting is accomplished by the hacker injecting HTML or JavaScript code in to the application. Unfortunately, this can be a very serious vulnerability in Web applications. Recently, several cross-site scripting attacks have been observed, where malicious JavaScript code from a particular Web site gets executed on the victim’s browser thereby compromising information. The Yamanner worm that exploited cross-site scripting opportunities in Yahoo® mail’s and the Samy worm that exploited MySpace.com® are classic examples. In AJAX applications, the attacker is only required to craft a malicious link to coax unsuspecting users to visit a certain page from their Web browsers. This vulnerability existed in traditional applications as well but AJAX has added some new dimensions to it such as JSON poisoning and Presentation/View poisoning.

The countermeasure for Cross Site Scripting involves practicing input validation and most importantly output encoding of to neutralize HTML and JavaScript code.

Cross Site Request Forgery
Cross-Site Request Forgery is an old attack vector in which a browser can be forced to make HTTP GET or POST requests to backend. These can be requests for changing the password or email address or even update an account. When the browser makes this call it replays the cookie and adopts an identity. This is the key aspect of the request. If an application makes a judgment on the basis of cookies alone, this attack will succeed. Since Ajax applications talk with backend services, it is possible to invoke them over GET and POST using the asynchronous call in the background by potentially exploiting a cross site scripting vulnerability.

Unfortunately, there are is no silver bullet solution to this. But one can decrease the possibility by implementing a POST-based service & Referer header checking & token approach. Some of the other best practices include setting a short time period for user sessions prevent XSS flaw as discussed earlier.

Improper Authentication
Authentication is the act of proving who you say you are. In real life, we use driver’s license or passport. In the world of computers, we use a user id and password or even digital certificates. With AJAX applications, because of the “Origin of Policy” rule, developers often implement authentication over plain HTTP. This can be an issue because hackers CAN steal unencrypted user credentials by performing a man in the middle attack.

The countermeasure involves either using HTTPS for the entire Web 2.0 application session, or use HTTP with the “Direct Login” AJAX pattern, or use traditional HTTPS login page with redirect to HTTP AJAX application

Next month’s final article will discuss Denial of Service and Code Complexity Issues.

State of the Domain Name Industry – August 2007 Report

The VeriSign Domain Name Industry Brief reports at the midpoint of 2007, the total base of domain name registrations worldwide was 138 million across all of the Top Level Domain Names (TLDs). This represents a 31 percent increase over the same quarter last year and an eight percent increase over the first quarter 2007. The Country Code Top Level Domain Names (ccTLDs) totaled 51.5 million domain name registrations, a 36 percent growth year over year and a 13 percent growth quarter over quarter. In terms of total registrations, .com remained the largest TLD in terms of its total base of registrations, with .de (Germany), and .net following. For the next largest TLDs, .uk (United Kingdom), .cn (China) and .org have about the same number of registrations with only 130,000 domain name registrations separating them.

The overall .com and .net domain name base increased by six percent quarter over quarter resulting in more than 73 million .com and .net domain name registrations at the end of the second quarter. This represented a 27 percent increase year over year. New .com and .net domain name registrations were added at an average of 2.3 million per month in second quarter 2007 for a total of seven million new registrations.

The Domain Name Industry Brief series highlights key trends in the industry, key performance indicators and growth opportunities. VeriSign will issue the latest report with full findings on August 27. The report will be available at www.verisign.com/domainbrief.

360 View: Magic Quadrant for MSSPs

VeriSign has been positioned by Gartner, Inc. in the Leaders quadrant in the “Magic Quadrant for Managed Security Service Providers (MSSPs), North America, 1H07” report.²

Issued on August 1, 2007, the “Magic Quadrant for Managed Security Services Providers, North America, 1H07” evaluated MSSPs on their completeness of vision and ability to execute. According to Gartner, service providers positioned in the Leaders quadrant have significant "mind share among enterprises looking to buy an MSS from pure-play security vendors, and they generally receive positive reports on service and performance from Gartner clients. Vendors in the Leaders quadrant are typically appropriate options for enterprises requiring frequent interaction with the MSSP for analyst expertise and advice, portal-based correlation and workflow support, and flexible reporting options.”

“Because Managed Security Services are an essential part of our Layered Security Solution, VeriSign is pleased that Gartner has positioned us in the Leaders quadrant among MSSPs in North America,” added Meyers. “We view this as validation of VeriSign’s comprehensive approach to securing business interactions on the Internet – one that encompasses protecting a company’s consumers, brand, Web site, and network. Building on such MSS innovations such as our Log Management Service and new Wireless Intrusion Prevention Service, we will work hard to maintain our leadership position in this market.”

2 Source: Gartner, Inc., "Magic Quadrant for MSSPs, North America, 1H07" by Kelly M. Kavanagh and John Pescatore, August 1, 2007

Webinar Schedule

The VeriSign Naming Services team is hosting a series of Webinars on domain name technology and business-focused topics. The presentations will be conducted by key VeriSign executives – often by the primary project leaders of the research or developers behind the technology. The Webinar series’ goal is to share and provide registrars with valuable insight into the domain name industry and new trends shaping our business. To see

We welcome your suggestions on other domain name topics that interest you. You may send your comments, questions or suggestions via email to NamingMarketing@verisign.com. We look forward to hearing from you.

VeriSign Naming Services Staff Spotlight: Mariko Young

Finding true value in your work is the secret to doing a great job.

Here’s a perfect example: when I heard someone describe Mariko Young as “one of the best” I went to the subject and asked Mariko directly how she liked her role as Technical Support specialist for VeriSign. She quickly replied that she enjoyed the work because it was a privilege to have the opportunity to “understand and interpret VeriSign’s products and services and see how they relate to the end-user’s needs.”

Mariko joined VeriSign in September of 2005 as technical support for registrars on escalation issues, and is also responsible for Name Store, .com, .net, .tv, .cc, Supply Chain, Real Time Publishing, Internet Profile Service and Domain Name Suggestion Service. And as VeriSign always offers employees continuing education training classes, she was thrilled with this benefit and has always stepped up to take advantage of this opportunity to help her grow and improve her job performance.

Her solid background experience as a technical support professional was vital to Mariko joining VeriSign. While in Japan, she worked as a Microsoft Certified Trainer, conducting classes for up to 20 engineer students on MS programs. Then she joined Intel’s web hosting division, starting as a sales assistant and moving up to a primary customer support role in their global data center. That was an ideal learning opportunity, Mariko recalls, where she had first-hand experience understanding what the customer needed, and it was interesting and “fun” to work with the engineers. She realized that she was the vital link between customers and engineers.

Born and raised in Tokyo, Japan; Mariko was an exchange student in Rockford, Illinois; went to college in Queensland, Australia; vacationed in Taiwan, Hong Kong, Thailand, Indonesia, Singapore, Korea and Spain; and is now based with her husband in the D.C. area. Why did she move around so much? Mariko smiles and says that traveling is her hobby.

And about VeriSign, “…everyone is friendly and there are many people that I respect. This was my first job in the U.S. and when I started, my English was not good but I learned quickly from my other team members, such as Bonnie and Jesus, plus VeriSign also offered many opportunities for me to attend communication courses. VeriSign is a very good company. I never gave ‘career growth’ a thought before, but seeing how strongly VeriSign supports its own employees and often promotes people from within has inspired me. I would like to continue growing within VeriSign and in five years be involved in project management or marketing.”

Customer Service: Frequently Asked Questions

This section includes some recent questions handled by the Customer Service group. The topics for this issue include: EPP user password, VeriSign SRS and the restoration fee.

ANSWER: In OTE, you can reset your EPP user password after you have logged in via EPP or you can reset your user password in the NameStore OTE Manager. In Production, you can reset your EPP user password in the NameStore Production Manager. After August 25, you will also be able to reset your user password via EPP.

Question: Does the restoration fee include the one year renewal registration fee?

ANSWER: No, the $40 restoration fee does not include the renewal registration fee and does not add a year. If a domain name is still expired after restoration, the domain name will be auto-renewed on the next day, a year will be added and the renewal registration fee will be assessed at that time.

Special Report on Technology from eMarketer: College Students Online: A Parallel Life on Social Networks

The 18 million U.S. college students heading back to campus this fall are the most wired generation yet: 17.1 million, or 95%, will use the Internet at least once a month. Their time spent online is measured in hours per day—not per week. Multitasking is prevalent, especially when the TV is on. Social networking remains an essential part of campus life, with parents, professors and future employers signing up, too. On many campuses, more than 80% of students use social networking sites on a regular basis. Students are also more likely than the rest of the population to use online video and user-generated content such as blogs. They value word-of-mouth for purchasing decisions. Combined with their strong use of social networks, this makes college students a key audience for online word-of-mouth marketing.

To read the full report, please contact Jennifer Moore at 212.763.6046 or send an email to jmoore@emarketer.com.

In the News

This section contains a selection of articles pertaining to the Domain Name Industry compiled by Information, Inc.

"ICANN Opens Registrar Reform Up to Public Comment"
The Register (UK) (07/30/07) Hansen, Burke
ICANN is allowing public comments addressing amendments to the Registrar Accreditation Agreement (RAA). The failure of RegisterFly, the ICANN accredited domain registrar, resulted in controversy about threats to Internet security. The ICANN Web site will allow the public to add their comments, and ICANN itself proposes some changes to the existing agreement. These changes include implementing provisions to control the terms in which a registrar can be sold while retaining ICANN accreditation; implementing contract enforcement tools that provide an alternative to terminating accreditation; addressing the responsibility of a "parent" owner/manager when a "family" of registrars fails to meet ICANN compliance; and requiring registrars to escrow contact information for customers that register domain names using Whois privacy and Whois proxy services. The proposed changes also include making the responsibility of registrars relative to their relationships with resellers, and requiring operator-skills training for all ICANN accredited registrars.

"Chinese Domain Name Registrars Sign Agreement"
ChinaTechNews.com (07/26/07)
Chinese domain name registrars have taken a big step toward eliminating bad practices in the industry, with over40 domain registrars agreeing to sign a self-regulation framework. The Internet Domain Name Registration Service Self-discipline Convention aims to protect domain name owners by cracking down on illegal and misguided behavior in the industry. The China Internet Network Information Center will oversee the convention, which calls for participating registrars to adhere to eight provisions, including a promise not to mislead customers to register domains or bother them with excessive communications. The registrars that have signed the convention account for more than 90 percent of Chinese domains under management. Several other registrars also are expected to sign the convention.

"11 Million De-Domains"
Verivox (07/11/07)
The number of .de registrations has reached the mark of 11 million, according to DENIC, the registry for the German ccTLD. The .com domain extension, with nearly 69.3 million registrations, is the only domain extension with more registrations than .de. By comparison, .net has roughly 9.9 million registrations, .org has 5.9 million, .info has 4.9 million, and .biz has 1.8 million registrations. Domain registrar Secura, which is accredited by ICANN, offers a unique experience on its Web site, located at http://www.domainregistry.de/de-domain.html. Visitors to the site can watch .de domains being deleted in real-time, says Secura CEO Hans-Peter Oswald, who describes the experience as "domain television." All .de domains that have been deleted by DENIC are shown immediately on the site, and visitors can actually click on deleted domains to register the domains. Another list shows deleted domains with a page rank of 1 or higher, with the page rank indicating how likely it is for the domain to be found on the Web.

"Domain Contacts Should Not Change"
Search Engine Watch (07/05/07) Richman, Deborah
ICANN has given indications that it intends to increase the privacy of the personal data that domain name registrants provide when registering domains. For example, earlier this year ICANN created an Operational Point of Contact Proposal (OPoC) that would allow domain registrants to list just one party's contact information instead of the data on three contacts (registrant, tech contact, and admin contact) that are required under the current scheme. Requiring domain registrants to provide data for multiple contacts is beneficial to several parties, including copyright holders, corporations, anti-fraud groups, consumers, law enforcement, and parents, said Steven Metalitz of ICANN's Generic Name Supporting Organization. The latest Whois Working Group meeting addressed the issue of OPoC but could not reach a resolution on the role OPoC should play. One potential solution to maintaining better control over domain-registrant data would be to charge a fee for downloading domain data from registrars.

August 2007

In this issue:

Influencing Key Audiences